General
Target: FieroHack.exe
Size: 6.3MB
Sample: 240629-3jtz9ssgnq
MD5: b88f61a7938ef8af011259c59efc3d3d
SHA1: ba6f4356993959799fbd88bb350558045c363a85
SHA256: 640397d3d855cbb8e3400f7564294bae51d591f7adb0f7856b7acfeb47f4e3d2
SHA512: ba7a3564327f2ec4e0c34710205bdb297b8c4a29f020f973462897d52f4d99fefbb74c1f511195d2ac3bae0e44a8dc749cdf6d043ff5fba9939cdd73c59e7d40
SSDEEP: 98304:0rLVoBkwXnc+AdMIm8r3ctMmKCOQhMCTgeZ1lcvd6:uhIkwt+x31/CICj1lg6
Static task: static1
Behavioral task: behavioral1 (Sample: FieroHack.exe, Resource: win7-20240220-en)
Behavioral task: behavioral2 (Sample: FieroHack.exe, Resource: win10v2004-20240611-en)
Behavioral task: behavioral3 (Sample: #/Sirus.exe, Resource: win7-20240611-en)
Behavioral task: behavioral4 (Sample: #/Sirus.exe, Resource: win10v2004-20240508-en)
Malware Config

Targets

Target: FieroHack.exe
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- XMRig Miner payload
- Command and Scripting Interpreter: PowerShell: runs PowerShell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
- Creates new service(s)
- Executes dropped EXE
- Loads dropped DLL
- Power Settings: powercfg controls all configurable power system settings on a Windows system and can be abused to prevent an infected host from locking or shutting down.
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext

Target: #/Sirus.exe
Size: 765.5MB
MD5: 35161c329ace0d7440101eebbe9bf7a4
SHA1: fc9fd0634576444aab7411676c475df7071184b7
SHA256: 6f82cf4d0ca6b745eb5a1d61fce06ce00b3da623e39ae4fe38a1bdc19a5493e8
SHA512: 6988472683b72adf79f4b8a72a3b0e87b9122e3d8ab9bfda653655eea7af462850faefa4ae2f99189f0cb689f84920f7d8c400a97de0aa84ff617f5385a4e8ed
SSDEEP: 3072:dpOAaAMUlp+iBv+PRcbj4nE3b9GLAUwESDqmDUZeV+BNDyNuCs5ORl9zeR8nOvUX:5MO5+Q3bokUT0qmDIe4rDyLs0x/B
Score: 1/10